In various places, a private _thread_entry_t, or the full prototype
were being used. Be consistent and use the same typedef everywhere.
Signen-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, this was only done if an essential thread self-exited,
and was a runtime check that generated a kernel panic.
Now if any thread has k_thread_abort() called on it, and that thread
is essential to the system operation, this check is made. It is now
an assertion.
_NANO_ERR_INVALID_TASK_EXIT checks and printouts removed since this
is now an assertion.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For some reason, the ESP32 HAL defines XCHAL_EXCM_LEVEL to 3. This
enables a version of _Level4Vector that doesn't work on this hardware.
Without complete visibility if the version that should work be axed,
keep both in the tree, but build the working other version instead
if building for ESP32.
Jira: ZEP-2556
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This cleans up the exception handling by removing the table declaration
from xtensa_intr_asm.S, and removing the unused
_xt_set_exception_handler() function.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The Xtensa port was the only one remaining to be converted to the new
way of connecting interrupts in Zephyr. Some things are still
unconverted, mainly the exception table, and this will be performed
another time.
Of note: _irq_priority_set() isn't called on _ARCH_IRQ_CONNECT(), since
IRQs can't change priority on Xtensa: while the architecture has the
concept of interrupt priority levels, each line has a fixed level and
can't be changed.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Historically, stacks were just character buffers and could be treated
as such if the user wanted to look inside the stack data, and also
declared as an array of the desired stack size.
This is no longer the case. Certain architectures will create a memory
region much larger to account for MPU/MMU guard pages. Unfortunately,
the kernel interfaces treat both the declared stack, and the valid
stack buffer within it as the same char * data type, even though these
absolutely cannot be used interchangeably.
We introduce an opaque k_thread_stack_t which gets instantiated by
K_THREAD_STACK_DECLARE(), this is no longer treated by the compiler
as a character pointer, even though it really is.
To access the real stack buffer within, the result of
K_THREAD_STACK_BUFFER() can be used, which will return a char * type.
This should catch a bunch of programming mistakes at build time:
- Declaring a character array outside of K_THREAD_STACK_DECLARE() and
passing it to K_THREAD_CREATE
- Directly examining the stack created by K_THREAD_STACK_DECLARE()
which is not actually the memory desired and may trigger a CPU
exception
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The first stage bootloader, part of the ESP32 ROM, already sets up
a stack that's sufficient to execute C programs. So, instead of
implementing __stack() in assembly, do it in C to simplify things
slightly.
This ESP32-specific initialization will perform the following:
- Disable the watchdog timer that's enabled by the bootloader
- Move exception handlers to IRAM
- Disable normal interrupts
- Disable the second CPU
- Zero out the BSS segment
Things that might be performed in the future include setting up the
CPU frequency, memory protection regions, and enabling the flash
cache.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Stack sentinel doesn't prevent corruption, it just notices when
it happens. Any memory could be in a bad state and it's more
appropriate to take the entire system down rather than just kill
the thread.
Fatal testcase will still work since it installs its own
_SysFatalErrorHandler.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
One of the stack sentinel policies was to check the sentinel
any time a cooperative context switch is done (i.e, _Swap is
called).
This was done by adding a hook to _check_stack_sentinel in
every arch's __swap function.
This way is cleaner as we just have the hook in one inline
function rather than implemented in several different assembly
dialects.
The check upon interrupt is now made unconditionally rather
than checking if we are calling __swap, since the check now
is only called on cooperative _Swap(). The interrupt is always
serviced first.
Issue: ZEP-2244
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
XCC doesn't recognize the "I" compiler constraint but GCC does. Switch
to "i" which is understood by both.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This places a sentinel value at the lowest 4 bytes of a stack
memory region and checks it at various intervals, including when
servicing interrupts or context switching.
This is implemented on all arches except ARC, which supports stack
bounds checking directly in hardware.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We had two assembly files to prepare for entry into C domain,
one intended for the simulator and one intended for real boards.
- Both files merged into a single crt1.S for either simulated or real
targets
- Extra logic to populate command line arguments from simulator removed,
we don't use it.
- BSS zeroing logic from crt1-boards.S used
- Reference to missing reset-unneeded.S removed
- exit() implementation moved to fatal.c, now invokes a kernel panic
if we are not running under the simulator
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Unline k_thread_spawn(), the struct k_thread can live anywhere and not
in the thread's stack region. This will be useful for memory protection
scenarios where private kernel structures for a thread are not
accessible by that thread, or we want to allow the thread to use all the
stack space we gave it.
This requires a change to the internal _new_thread() API as we need to
provide a separate pointer for the k_thread.
By default, we still create internal threads with the k_thread in stack
memory. Forthcoming patches will change this, but we first need to make
it easier to define k_thread memory of variable size depending on
whether we need to store coprocessor state or not.
Change-Id: I533bbcf317833ba67a771b356b6bbc6596bf60f5
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
C library is not actually used by the xtensa port, we only need the
'exit' function. Implement 'exit' in crt1-* and drop remaining
references to the C library.
Change-Id: I8a562363956b4755a6b5baee7acf3726485e5ce3
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
XT_* macros are defined in xtensa HAL headers as xcc intrinsics. gcc
does not have any of these intrinsics. Replace XT_* macros with inline
assembly or provide gcc-compatible definitions.
Change-Id: If823ea8a7898a11a3a8363b17efdba27dee4c6a4
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
This fixes ZEP-1955. The issue was that the interrupt stack frame only
allocates 4 registers. This means that if any window overflow happens,
only 4 registers can be saved. This implies that the interrupt handler
can not call functions other than using call4. If this rule is not
honored, then it will result in the registers being overwriting other
context information and thus a stack corruption.
The fix consists on using call4 for calling even t logger function,
which is by the way more optimal as the interrupt handler does not need
to save more than 4 registers when these functions are called.
Issue: ZEP-1955
Change-Id: Iacea626443d1d61d95a52253ac8ff15fc3722d2c
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
Future tickless kernel patches would be inserting some
code before call to Swap. To enable this it will create
a mcro named as the current _Swap which would call first
the tickless kernel code and then call the real __swap()
Jira: ZEP-339
Change-Id: Id778bfcee4f88982c958fcf22d7f04deb4bd572f
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Unlike assertions, these APIs are active at all times. The kernel will
treat these errors in the same way as fatal CPU exceptions. Ultimately,
the policy of what to do with these errors is implemented in
_SysFatalErrorHandler.
If the archtecture supports it, a real CPU exception can be triggered
which will provide a complete register dump and PC value when the
problem occurs. This will provide more helpful information than a fake
exception stack frame (_default_esf) passed to the arch-specific exception
handling code.
Issue: ZEP-843
Change-Id: I8f136905c05bb84772e1c5ed53b8e920d24eb6fd
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We do the same thing on all arch's right now for thread_monitor_init so
lets put it in a common place. This also should fix an issue on xtensa
when thread monitor can be enabled (reference to _nanokernel.threads).
Change-Id: If2f26c1578aa1f18565a530de4880ae7bd5a0da2
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
We do a bit of the same stuff on all the arch's to setup a new thread.
So lets put that code in a common place so we unify it for everyone and
reduce some duplicated code.
Change-Id: Ic04121bfd6846aece16aa7ffd4382bdcdb6136e3
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types. There are few places we dont convert over to the new
types because of compatiability with ext/HALs or for ease of transition
at this point. Fixup a few of the PRI formatters so we build with newlib.
Jira: ZEP-2051
Change-Id: I7d2d3697cad04f20aaa8f6e77228f502cd9c8286
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is a start to move away from the C99 {u}int{8,16,32,64}_t types to
Zephyr defined u{8,16,32,64}_t and s{8,16,32,64}_t. This allows Zephyr
to define the sized types in a consistent manor across all the
architectures we support and not conflict with what various compilers
and libc might do with regards to the C99 types.
We introduce <zephyr/types.h> as part of this and have it include
<stdint.h> for now until we transition all the code away from the C99
types.
We go with u{8,16,32,64}_t and s{8,16,32,64}_t as there are some
existing variables defined u8 & u16 as well as to be consistent with
Zephyr naming conventions.
Jira: ZEP-2051
Change-Id: I451fed0623b029d65866622e478225dfab2c0ca8
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This commit should fix the concern about uninitialized memory of main
thread that was raised in https://gerrit.zephyrproject.org/r/#/c/12920/
The issue is more general, if it happens that the content of the
CPENABLE flag of any thread is set then any other thread using the CP
may cause a memory corruption.
I'd prefer to avoid the issue by initializing the CP descriptor to 0.
The descriptor itself is few words. We set them to 0 up to CP_ASA, which
is set to a real value.
As the dummy thread instantiated at the kernel startup does not use CP,
there is no CP area in its thread memory buffer. However it is mandatory
that it have the CP descriptor and that cpEnable in that descripot is
set to null. This is ensured by adding XT_CP_DESCR_SIZE to
_K_THREAD_NO_FLOAT_SIZEOF.
Change-Id: I6a36b5b363600ea1e6d98ab679981182b2b5a236
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
This reverts commit da8bff6b20.
We revert this as we intent to move away from {u}int{8,16,32,64}_t types
to our own internal types for sized variables so we shouldn't need the
PRI macros anymore.
Change-Id: Ibb1fae7500bddb4772b8830d497a0e5f78b44bcc
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
To allow for various libc implementations (like newlib) in which the way
various {u}int{8,16,32}_t types are defined vary between both libc
implementations and across architectures we need to utilize the PRI
defines.
Change-Id: Ic4e65db52c8d693228cf80584283d4d06e68b5ad
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
gcc only understands -mlongcalls form of this option, xcc understands
both. Use -mlongcalls for building with both xcc and gcc.
Change-Id: I93f65ccbc97429ae564f1986120b37ce205ee38c
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
The issue was that cpStack was changed to a memory buffer by commit
https://gerrit.zephyrproject.org/r/#/c/12816
However the assembly code was expecting it to be a pointer and thus
issuing an indirection, that leads to wrong addresses.
The fix removed this unnecessary indirection and thus the inherent
invalid memory access exception.
Issue: ZEP-1997
Change-Id: I843f049212f2d116a01b05367a284209f463a5e7
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
_power_save_idle_exit() was removed long ago. All arches now just
call _sys_power_save_idle_exit() if PM is enabled.
Change-Id: I9cce3eecc8cbf1cbce15a355be420e747fb978de
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The CP context area was before on the bottom of the stack just
after the thread descriptor. Now it is moved inside the thread
descriptor to support some kind of memory protection.
Change-Id: Id3ebeaecfd9c2475899713fdc8da583a1f9121f9
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
fibers/tasks are now just threads and we should not be using
struct *tcs any more.
Change-Id: Iee5369abcc66b4357a0c75537025fe8edb0ffbb4
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When an IRQ is serviced, the ISR dispatcher will check for any new thread in
the ready queue and switch to it. However, if the current thread is marked as
non preemptable due to _kernel.current->base.preempt > _NON_PREEMPT_THRESHOLD
then we should not switch to another one.
Change-Id: Icdc08105cc6433da479bb95265710462a0f37c0b
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
1) Fatal errors now all go through _SysFatalErrorHandler. When the
simulator is used, only the death of 'essential' threads will result
in the simulator exiting; some test cases that test exceptions may
actually expect a thread to terminate abnormally.
2) The human readability of the exception errors is improved.
Change-Id: I77f57ea0eae15b0c55237681b959cd21e3fe8c1c
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The a3 register was supposed to hold the _thread pointer but it seems that it
does not in all cases. Safe to restore it from _kernel structure.
Change-Id: Ie2ff6c3faf0fe70de4c5877ab59433d0c165145b
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
This change should allow threads that do not access coprocessor to safely
overflow on the coprocessor save area without any issue.
Change-Id: Ic2acd20b60b6bef0b7feeb8cfb54d548eba892f0
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
This was a kind of optimization that save few cycles in the cost of code
duplication. However the path where we resume from interrupt withouch changing
the running thread is buggy and leads to many tests to fail. For now I'd prefer
to remove this optimization and have a working port. Later, once everything is
OK, I'll have time to optimize things.
Change-Id: I7af58f383848d157b9f3b3fbeceede3e83f9ce61
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
Having duplicate code leads always to this kind of situation where a bug is
fixed in one place and not in the other. This bug of updating current thread
pointer was already fixed before in the Swap function, but not in the interrupt
handler.
Change-Id: I466aea2d35382446c5c82fe775ada31f0bd19492
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
This function needs to be decalred in a file included by _thread_entry.
It also needs to have exit function declared as not returning.
Change-Id: I2a01e7408cf70266351ae5089f45b5d9d009fabe
Signed-off-by: Mazen NEIFER <mazen@nestwave.com>
Anas Nashif